![](/images/backgrounds/285757/hp-procurve-2600-series-users-manual-550038254x1.png)
Configuring and Monitoring Port Security
MAC Lockdown
Internal
Network
PROBLEM: If this link fails,
traffic to Server A will not use Server A the backup path via Switch 3
|
|
|
| Switch 3 |
|
|
|
|
|
|
|
|
|
|
|
|
| Switch 4 | |||||||||||||||||||
|
|
|
|
|
|
|
| ||||||||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Server A is locked down to Switch 1, Uplink 2
Switch 1 |
| Switch 2 |
|
|
|
External
Network
M i x e d U s e r s
FigureThe resultant connectivity issues would prevent you from locking down Server A to Switch 1. And when you remove the MAC Lockdown from Switch 1 (to prevent broadcast storms or other connectivity issues), you then open the network to security problems. The use of MAC Lockdown as shown in the above figure would defeat the purpose of using STP or having an alternate path.
Technologies such as STP are primarily intended for an internal campus network environment in which all users are trusted. STP does not work well with MAC Lockdown.
If you deploy MAC Lockdown as shown in the Model Topology in figure